On Nov 26, 2008, at 9:18 AM, David Precious wrote:
Having the permissions set to 777 means that any user who has an
account on that server could write to that directory.
For an attacker to upload stuff there, it's almost certainly
nothing to do with the directory being world-writable, but due to a
badly-written bit of software which accepts uploaded files and
stores them in a web-accessible path.
Thanks Dave.
The one gallery I was interested in was coppermine, which requires
777 on certain directories that by design already contain some php
files and other misc stuff. Since I may not have the skill to re-
write some of these applications, is it possible to add some stuff to
an htaccess file to stop new uploads of certain types? I have seen
suggestions like:
<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe|php)$">
deny from all
</FilesMatch>
steve
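
An added example, not part of the original message or of Coppermine: a Python audit that lists files matching the quoted extension pattern inside world-writable directories under a web root, so unexpected scripts in a 777 directory can be spotted. The directory names `albums` and `include` and the sample files are constructed for the demonstration.

```python
import os
import re
import stat
import tempfile

# Extension list copied from the FilesMatch pattern quoted in the message.
BLOCKED = re.compile(
    r"\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe|php)$"
)


def world_writable(path):
    """True if 'other' has write permission on path (e.g. mode 777)."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def audit(web_root):
    """Return sorted (directory, filename) pairs for files whose names match
    BLOCKED and that sit directly inside a world-writable directory."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(web_root):
        if not world_writable(dirpath):
            continue
        for name in filenames:
            if BLOCKED.search(name):
                findings.append((os.path.relpath(dirpath, web_root), name))
    return sorted(findings)


def demo():
    """Build a constructed directory tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        albums = os.path.join(root, "albums")    # hypothetical upload dir
        include = os.path.join(root, "include")  # hypothetical code dir
        os.mkdir(albums)
        os.mkdir(include)
        for d, name in [(albums, "photo.jpg"), (albums, "index.php"),
                        (albums, "notes.sql"), (include, "init.inc.php")]:
            open(os.path.join(d, name), "w").close()
        os.chmod(albums, 0o777)   # world-writable, as the gallery requires
        os.chmod(include, 0o755)  # not world-writable, so not reported
        return audit(root)


if __name__ == "__main__":
    for directory, name in demo():
        print(f"{directory}/{name}")
```

Comparing the output against the files the application ships in those directories shows which matches are expected and which arrived later.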